US9794172B2 · Active · Utility

Edge network virtualization

Assignee: iPhotonix
Priority: Jun 27, 2014 · Filed: Jun 24, 2015 · Granted: Oct 17, 2017
Est. expiry: Jun 27, 2034 (nominal 20-yr term from priority)
Inventors: VISSER LANCE ARNOLD; FAUSAK LOUIS GREGORY; FULLFORD ANDREW KENNEDY; WEEREN ERIC; WIANT RUSSELL; PLATT RICHARD BALLANTYNE
Classifications: H04L 12/2854, H04L 63/083, H04L 45/586, H04L 63/0435
PatentIndex Score: 27 · Cited by: 0 · References: 30 · Claims: 22

Abstract

A virtual edge router network for providing managed services to distributed remote office locations can include routing components that are capable of being autonomously deployed at the network edge, as well as remotely managed, thereby obviating the need for on-site technical support in remote offices of a small and medium business (SMB) client. Autonomous deployment and remote management are achieved through abstraction of the control and management planes from the data plane. Virtual edge routers may include virtual forwarding units and virtual remote agents instantiated on host devices in each remote office location, as well as a virtual network controller instantiated on a host device in a head-office location. A data plane of the virtual edge router communicatively couples the virtual forwarding units to one another, while a control plane communicatively couples the virtual network controller to each virtual data forwarding unit.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
       1. A virtual edge router comprising:
 a plurality of virtual data forwarding units, wherein each virtual forwarding unit is instantiated on a different one of a plurality of host devices; 
 a data plane communicatively coupling the plurality of virtual data forwarding units with one another, wherein the data plane includes data tunnels extending between WAN interfaces of the host devices; 
 a virtual controller instantiated on a central host device; and 
 a control plane communicatively coupling the virtual controller to each of the virtual data forwarding units, wherein the control plane includes control tunnels interconnecting a WAN interface of the central host device to WAN interfaces of the plurality of host devices, and 
 wherein the virtual controller establishes the control tunnels by decrypting encrypted control tunnel establishment messages, received from the plurality of virtual data forwarding units, in accordance with a control tunnel password. 
 
     
     
       2. The virtual edge router of claim 1, further comprising:
 a plurality of virtual remote agents instantiated on the central host device and on the plurality of host devices, wherein each virtual remote agent is instantiated on a different host device; and 
 a management plane interconnecting the plurality of virtual remote agents to a virtual network commander in a server, wherein the management plane includes management tunnels interconnecting WAN interfaces of the central host device and the plurality of host devices to the server. 
 
     
     
       3. The virtual edge router of claim 2, wherein each of the data plane, the control plane, and the management plane have a distinct communication plane topology.
     
     
       4. The virtual edge router of claim 1, wherein the plurality of virtual data forwarding units includes at least a first virtual data forwarding unit instantiated on a first host device and a second virtual data forwarding unit instantiated on a second host device, and
 wherein the data plane of the virtual edge router includes a data tunnel interconnecting a WAN interface of the first host device with a WAN interface of the second host device. 
 
     
     
       5. The virtual edge router of claim 4, wherein the data tunnel is established at least partially over a wide area network.
     
     
       6. The virtual edge router of claim 5, wherein the first host device comprises at least a first local area network (LAN) interface and the second host device comprises at least a second LAN interface, the first LAN interface and the second LAN interfaces being LAN interfaces of the virtual edge router.
     
     
       7. The virtual edge router of claim 6, wherein the first virtual forwarding unit is configured to receive a data packet addressed to the second LAN interface over the first LAN interface, and to forward the data packet over the data tunnel to the second virtual forwarding unit.
     
     
       8. The virtual edge router of claim 7, wherein the forwarded data packet is communicated over the wide area network without exiting the data plane of the virtual edge router.
     
     
       9. The virtual edge router of claim 4, wherein the control plane includes a control tunnel interconnecting the WAN interface of the central host device to the WAN interface of the second host device.
     
     
       10. The virtual edge router of claim 9, wherein the virtual controller is configured to update and manage a routing table in the second virtual data forwarding unit via control signaling communicated over the control tunnel.
     
     
       11. The virtual edge router of claim 9, wherein the first host device and the central host device are the same host device, and wherein the virtual controller and the first virtual data forwarding unit are co-located on the same host device.
     
     
       12. The virtual edge router of claim 9, wherein the central host device excludes the plurality of virtual data forwarding units.
     
     
       13. A local host device comprising a wide area network (WAN) interface, a processor, and a memory adapted to store programming for execution by the processor, the programming including instructions to:
 send a beacon message to a virtual network commander instantiated on a server, the beacon message configured to establish a management tunnel between the WAN interface of the local host device and the virtual network commander on the server, wherein the management tunnel is adapted to carry signaling over a management plane of a virtual edge router; 
 trigger establishment of a control tunnel between the WAN interface of the local host device and a WAN interface of a first remote host device, wherein the control tunnel is adapted to carry signaling over a control plane of the virtual edge router, and wherein the instructions to trigger establishment of the control tunnel includes instructions to receive an encrypted control tunnel establishment message from a first virtual data forwarding unit instantiated on the first remote host device, to attempt to decrypt the encrypted control tunnel establishment message in accordance with a control tunnel password, and to establish the control tunnel when attempt to decrypt the encrypted control tunnel establishment message is successful; and 
 trigger establishment of a data tunnel adapted to carry signaling over a data plane of the virtual edge router, wherein each of the data plane, the control plane, and the management plane have a distinct communication plane topology. 
 
     
     
       14. The local host device of claim 13, further comprising a virtual controller instantiated on the local host device, wherein the virtual controller is configured to communicate control signaling over the control tunnel to the first virtual data forwarding unit instantiated on the first remote host device.
     
     
       15. The local host device of claim 13, wherein the programming further includes instructions to receive the control tunnel password over the management plane of the virtual edge router.
     
     
       16. The local host device of claim 14, wherein the instructions to trigger establishment of the data tunnel includes instructions to:
 forward a routing table over the control tunnel to the first virtual data forwarding unit instantiated on the first remote device, the routing table specifying an address of a second remote host device, and wherein the routing table prompts the first virtual data forwarding unit to send a data tunnel establishment message to a second virtual data forwarding unit instantiated on the second remote host device, the data tunnel establishment message configured to establish the data tunnel between the WAN interface of the first remote host device and a WAN interface of the second remote host device. 
 
     
     
       17. The local host device of claim 13, wherein the data tunnel extends between the WAN interface of the local host device and the WAN interface of the first remote host device, and
 wherein the first virtual data forwarding unit is configured to communicate data signaling over the data tunnel to a second virtual data forwarding unit instantiated on the first remote host device. 
 
     
     
       18. The local host device of claim 17, wherein the data tunnel extends at least partially over a wide area network, and wherein the first virtual data forwarding unit is configured to exchange data packets with the second virtual data forwarding unit over the data tunnel, the forwarded data packets being transported over the wide area network without exiting the data plane of the virtual edge router.
     
     
       19. A local host device comprising a wide area network (WAN) interface, a processor, and a memory adapted to store programming for execution by the processor, the programming including instructions to:
 send a beacon message to a virtual network commander instantiated on a server, the beacon message configured to establish a management tunnel between the WAN interface of the local host device and the virtual network commander on the server, wherein the management tunnel is adapted to carry signaling over a management plane of a virtual edge router; 
 trigger establishment of a control tunnel between the WAN interface of the local host device and a WAN interface of a first remote host device, wherein the control tunnel is adapted to carry signaling over a control plane of the virtual edge router, wherein the instructions to trigger establishment of the control tunnel includes instructions to receive a configuration instruction carrying a control tunnel password and an internet protocol (IP) address of the first remote host device over the management tunnel from the virtual network commander, to encrypt a control tunnel establishment message in accordance with the control tunnel password, and to send the encrypted control tunnel establishment message to a virtual network controller instantiated on the first remote host device, the encrypted control tunnel establishment message configured to establish the control tunnel; and 
 trigger establishment of a data tunnel adapted to carry signaling over a data plane of the virtual edge router, wherein each of the data plane, the control plane, and the management plane have a distinct communication plane topology. 
 
     
     
       20. The local host device of claim 19, wherein the instructions to trigger establishment of the data tunnel include instructions to:
 receive a routing table from the virtual network controller over the control tunnel, the routing table specifying an address of a second remote host device; and 
 send a data tunnel establishment message to a second virtual data forwarding unit instantiated on the second remote host device, wherein the data tunnel establishment message is configured to establish the data tunnel between the WAN interface of the first remote host device and a WAN interface of the second remote host device. 
 
     
     
       21. The local host device of claim 13, further comprising a virtual remote agent instantiated on the local host device, wherein the management plane interconnects the virtual remote agent to the virtual network commander on the server.
     
     
       22. The local host device of claim 19, wherein the data tunnel is established at least partially over a wide area network.
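
Claims 1, 13 and 19 make a successful decryption under the control tunnel password the condition for establishing a control tunnel. The sketch below is an added illustration, not code from the patent or from the assignee, and it shows why that attempt has to be an authenticated decryption: the controller accepts a message only when its integrity tag verifies under a key derived from the password. The patent names no cipher or message format, so the PBKDF2/HMAC construction, the message layout, the field names and the sample addresses are all assumptions.

```python
import hashlib, hmac, json, os

def _derive(password, salt):
    # Separate encryption and MAC keys from the shared control tunnel password.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib-only keystream (stand-in for an AEAD).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_establishment(password, unit_id, wan_ip):
    """Forwarding-unit side: encrypt the establishment message under the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    body = json.dumps({"type": "control_tunnel_establish",   # hypothetical fields
                       "unit": unit_id, "wan_ip": wan_ip}).encode()
    ct = _xor_stream(enc_key, nonce, body)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_establishment(password, msg):
    """Controller side: return the fields, or None if decryption does not verify."""
    if len(msg) < 16 + 16 + 32:
        return None
    salt, nonce, ct, tag = msg[:16], msg[16:32], msg[32:-32], msg[-32:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # wrong password or tampering
        return None
    return json.loads(_xor_stream(enc_key, nonce, ct))

class VirtualController:
    def __init__(self, control_tunnel_password):
        self._password = control_tunnel_password
        self.control_tunnels = {}                # unit id -> WAN address

    def on_establishment_message(self, msg):
        fields = open_establishment(self._password, msg)
        if not fields or fields.get("type") != "control_tunnel_establish":
            return False                         # decrypt attempt failed: no tunnel
        self.control_tunnels[fields["unit"]] = fields["wan_ip"]
        return True
```

A deployment would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 in place of the hand-built keystream, and would add replay protection, which this sketch leaves out.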

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.